blackmoon | 3b8f70eaccbdb1cf69ac5b5f1b7c5dc72631ab2e740e76f76e0df998d50ba2cf | Triage

Submit
Reports

Overview

overview

Static

static

8

3b8f70eacc...cf.exe

windows7-x64

3b8f70eacc...cf.exe

windows10-2004-x64

Sharing

General

Target

3b8f70eaccbdb1cf69ac5b5f1b7c5dc72631ab2e740e76f76e0df998d50ba2cf
Size

4.0MB
Sample

221023-zzghbscfg4
MD5

9db55640696bc0fd1cb08568c42f5d5b
SHA1

89f1105462ee2003bcc44a70d9ddd00d21bb5938
SHA256

3b8f70eaccbdb1cf69ac5b5f1b7c5dc72631ab2e740e76f76e0df998d50ba2cf
SHA512

7a9543e7bbb8d26fb35450580e7dac37cd410bc273214421a62465456365cb8ce3e780b88938927e9d3deb3f13de11b7310ea3f6424b17a41c4cf612358fd812
SSDEEP

98304:FPUpwKFQhvFGd6toOUVuwXWxiTsFtJ3L1ifCGW:FPwT2FGGAVLXAT3RifCGW

Score

10^/10

blackmoon joker aspackv2 banker infostealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

3b8f70eaccbdb1cf69ac5b5f1b7c5dc72631ab2e740e76f76e0df998d50ba2cf.exe

Resource

win7-20220812-en

blackmoon joker banker infostealer trojan

windows7-x64

9 signatures

150 seconds

Behavioral task

behavioral2

Sample

3b8f70eaccbdb1cf69ac5b5f1b7c5dc72631ab2e740e76f76e0df998d50ba2cf.exe

Resource

win10v2004-20220901-en

blackmoon joker banker infostealer trojan upx

windows10-2004-x64

10 signatures

150 seconds

Malware Config

Extracted

Family

joker

C2

https://htuzi.oss-cn-shanghai.aliyuncs.com

Targets

- Target
  
  3b8f70eaccbdb1cf69ac5b5f1b7c5dc72631ab2e740e76f76e0df998d50ba2cf
- Size
  
  4.0MB
- MD5
  
  9db55640696bc0fd1cb08568c42f5d5b
- SHA1
  
  89f1105462ee2003bcc44a70d9ddd00d21bb5938
- SHA256
  
  3b8f70eaccbdb1cf69ac5b5f1b7c5dc72631ab2e740e76f76e0df998d50ba2cf
- SHA512
  
  7a9543e7bbb8d26fb35450580e7dac37cd410bc273214421a62465456365cb8ce3e780b88938927e9d3deb3f13de11b7310ea3f6424b17a41c4cf612358fd812
- SSDEEP
  
  98304:FPUpwKFQhvFGd6toOUVuwXWxiTsFtJ3L1ifCGW:FPwT2FGGAVLXAT3RifCGW
Score

10^/10

blackmoon joker banker infostealer trojan upx
- Blackmoon, KrBanker
  Blackmoon also known as KrBanker is banking trojan first discovered in early 2014.
  trojan banker blackmoon
- Detect Blackmoon payload
- joker
  Joker is an Android malware that targets billing and SMS fraud.
  infostealer trojan joker
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

blackmoonjokerbankerinfostealertrojan

behavioral2

blackmoonjokerbankerinfostealertrojanupx

© 2018-2025

Terms | Privacy